Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: C++ is the only logically option (Score 5, Informative) 160

C++ is still very much a living, actively developed language. There's a lot of people using it for modern projects. It's well supported under pretty much all modern operating systems & you have excellent tools available under Linux.

There's not a lot of reason to pick up Objective C unless you plan on targeting Apple. It's pretty much a dead language everywhere else, outside of a few niche projects.

Comment: Re: Closed source GPUs (Score 1) 88

agreed (and they know it) - this is probably their 18-month holding pattern while the Israel team gets the power out of Iris. Not having a market position until then is a worse option for them. Not paying a video royalty is obviously better for cost/profitability and developers.

Comment: Re:The idea was a good one, the execution poor (Score 1) 189

by fermion (#49165573) Attached to: That U2 Apple Stunt Wasn't the Disaster You Might Think It Was
iTunes users can already go and get loads of free music. This is how I was turned on to High-Fi.

Presumably this was not good enough for U-2, so we have this intrusive method of stuffing iTunes user accounts with unwanted music. For the record I was never a U-2 fan, and now it just seems like some desperate cut rate band.

Comment: Re:The Optimistic viewpoint hade a source (Score 4, Insightful) 216

by fermion (#49163401) Attached to: Spock and the Legacy of Star Trek
This is it. The original Star Trek, all of them, pretty much said that diplomacy occasionally backed up with defense would end up in the best results. That technology over time helps us build trusts. There are a few bad agents, but we are mostly good.

The new Star Trek says violence is the way. That the violent people win. And brings a new level of suspension of rational thought. That the Earth would have no defenses against a rougue star ship. That a meeting would have no defenses against a rough droid. That we would be running across the city chasing a suspect. That civilization could build a starship, but could not protect the citizenship. It is not so much a dark world, but a world that reflects the fears of technologically illiterate audience.

Life is pretty bad when your star trek movie makes less sense than the Fifth Element, which at least had good actors.

Comment: Re:Last straw? (Score -1) 453

Let me repeat that, in case you appear to misread it. 16,000 airstrikes
I'm not exactly sure how anyone can say we're not "stopping them"

I know if a foreign adversary had launched 16,000 airstrikes on the US, I'd harbor no ill will towards them! Doubly-not if they'd killed my loved ones!

Because people who live in the middle east are the black-haired equivalent to the soulless gingers who roam our strees, except more mindless and probably much-gatherers - amirite?

Oh, wait, did you mean the airstrikes were IMPROVING our safety? ROFL WAFL!

Comment: Re: Krebs (Score 2) 224

I like Krebs, so DO NOT put him in a position where he has to think about protecting your identity. For the love of all that is holy, boot Tails on a junker laptop at a cafe you never go to and use a throw-away mail account or pastebin it and leave a comment.

Or just walk away. You have no duty to put your life on the line here - everybody who supports the system that will throw you to the lions for being a good guy will suffer for it in kind. You're not obligated to be their saviour. Sucks, but play the shitty hand you're dealt - don't bet all your money wishing you didn't just have a pair of threes.

Comment: Re:Relaxing = Live longer? (Score 3, Informative) 205

by TeknoHog (#49160529) Attached to: Research Suggests That Saunas Help You Live Longer

it's quite the contrary, we (finns) throw water to stove, which boils immediately forming steam (löyly) which fills the 'sauna room' (löylyhuoneen). Humidity is well over 80% there in well warmed up sauna all the time and when that water is thrown (half a pint of more) it will quite rapidly go above 90% humidity.

If you have been in a place where someone calls it sauna and it's unlike that, it's not a proper finnish sauna, not even close.

I'm not sure how exactly the (relative) humidity percentages translate to human perception, but from the experience as a Finn, the effect of humidity varies a lot. When you toss water on the stove, there's your familiar (for /. audiences) heat pipe effect: evaporation at the stove, condensation on your skin, meaning a rapid burst-mode transfer of heat into you. But this only lasts a couple of seconds, and you'll generally spend minutes relaxing in the moderate heat in between tosses.

The ideal temperature and humidity also depends heavily on the size and build of the sauna. Smaller ones are generally fine with lower air temperatures, presumably because the heat pipe effect will be better focused.

Of course, ideal humidities and temperatures really come down to preferences, and the watering frequency also provides a lot of control, there's really no need for extreme heat if that's not your thing. IMHO, the sauna is first and foremost about relaxation, even a kind of meditation, and presumably that's an important factor on health.

Comment: Re:Pretty pointless (Score 4, Insightful) 308

by bill_mcgonigle (#49158741) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

I'm still waiting for the first CEO to go to jail for refusing this.

Dude, you're fourteen years behind the news. The technique is not to get you on the "refusing NSA" charge, but any of the other countless criminal acts you commit every day. This is the primary purpose of a hyper-criminalized environment - so that everybody can be easily bent to the whim of the power structure. See also: charge stacking and the de-facto abolishment of the Sixth Amendment through the plea-bargain process (or, if you're a corporation, the no-plea deal for really efficient fascism.

Comment: Re:Hashes not useful (Score 3, Informative) 308

by bill_mcgonigle (#49158717) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Seagate is correct. Putting a hash on the website doesn't improve security at all because anyone who can change the download can also change the web page containing the hash. ... A company like Seagate doesn't rely on volunteers at universities to distribute their binaries so the technique is pointless.

There are many possible attacks. A hash on a website is not invulnerable to a rogue employee at Seagate (or one "just following orders").

A hash protects against a rouge insertion at the endpoint. Like if your PC is compromised by an attacker and then you pull the hard drive and [assuming there's a way to get a hash from SMART/ATAPI) you can compare the hash of the firmware that the drive is running to the list of published firmwares at the vendor's site. If the attackers are only modifying a small subset of drives, this works fine - they can't also intercept the check to the vendor's site - not unless they've broken TLS and/or have malware on every possible machine.

A tool to verify the firmware is poetically impossible to write. What code on the drive would provide the firmware in response to a tool query? Oh right ..... the firmware itself.

Well, today you can pull the image from JTAG, or so the experts have said (you can verify the firmware directly from memory with a hash if you have moderate funding). There's all sorts of talk about how ATAPI is write-only for firmware because the vendors don't want their competition to get their code and decompile it. This appears to be nonsense, as any other drive vendor already has the debug tools to pull such things from memory, and extracting it from an update isn't that hard - if a 16K DOS update utility can extract it, so can a multi-billion dollar R&D company.

To make it work you need an unflashable boot loader that acts as a root of trust and was designed to do this from the start. But such a thing is basically pointless unless you're trying to detect firmware reflashing malware and that's something that only cropped up as a threat very recently. So I doubt any hard disk has it.

They most certainly do not. So, here we are at today and need a way forward. There are a few ways forward, a fistful of crypto protocols to choose from to ensure future usefulness of hard drives for security applications, and INCITS/SATA-IO ought to be having emergency meetings _right now_ because this (NSA/GCHQ) is a major threat to the industry. The vendors may need to move operations outside of five-eyes to remain commercially viable.

Comment: Re: I should think so! (Score 4, Interesting) 107

by bill_mcgonigle (#49155435) Attached to: Blu-Ray Players Hackable Via Malicious Discs

but it doesn't seem to be a likely threat vector.

Do some traffic analysis on your target's porn habits at the ISP, leave a compromised disc about his favorite kink in a bag on the ground near where he parks his car, and use his "connected" player to zero-day the other equipment on his LAN, installing the APT without even needing to pretend about premesis warrants or anything.

Have you reconsidered a computer career?

Working...